Another Midnight Power Grab: FTC Again Grasping at Straws in Data Security

Agency files desperate eleventh-hour data security complaint against D-Link without a single instance of actual or likely substantial harm to any consumer

Washington D.C. – The Federal Trade Commission (“FTC”) yesterday filed a complaint against D-Link Systems, Inc. (“D-Link”) claiming a violation of the Federal Trade Commission Act resulting from unsupported allegations of data security lapses in D-Link’s Consumer IP routers and IP cameras.

“The FTC has again overstepped its legal authority under Section 5 of the Federal Trade Commission Act and is bringing this enforcement action without precedent or facts on its side,” said Cause of Action Institute Assistant Vice President Patrick Massari. “In D-Link’s 30-year history, there is no evidence of a single security breach that has resulted in harm to any consumer. As was the case in the FTC’s assault on LabMD, a small cancer-detection laboratory that was destroyed by the FTC’s zeal to dismantle any business that dared challenge its authority, the purpose of this case is to again intimidate businesses and attempt to extend its authority beyond what Congress intended.  D-Link’s ongoing vigorous defense of its security practices and fight against the FTC’s overreach through the legal system is a courageous step in the right direction for all consumer router companies who wish to fight against FTC’s disregard for facts and the rule of law.  Commissioners Ramirez and McSweeny have not learned the lesson of the LabMD case.  FTC’s predatory appetite for overzealous and baseless persecution continues unabated.”

The FTC complaint predictably alleges that D-Link has “failed to take reasonable steps to secure the software for their routers and IP cameras, which [are] offered to consumers, respectfully, for the purpose of protecting their local networks and accessing sensitive personal information.”  D-Link denies the unwarranted allegations outlined in the FTC complaint and asserts it will vigorously defend the action.

The FTC has made vague and unsubstantiated allegations relating to Consumer IP routers and IP cameras.  D-Link maintains a robust range of procedures to address potential security issues, which exist in all Internet of Things devices.  Notably, the complaint does not allege any breach of a D-Link device.  Instead, the FTC speculates that consumers were placed “at risk” to be hacked, but fails to allege, as it must, that actual consumers suffered or are likely to suffer actual substantial injuries. 

About Cause of Action Institute:

To enhance individual and economic liberty, we work to limit the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from waste, fraud, abuse and cronyism.

For information regarding this press release, please contact Zachary Kurz, Director of Communications at CoA Institute: zachary.kurz@causeofaction.org

 

 

Doctors Say FTC Overreach Endangers Patient Welfare

Washington, D.C. – Cause of Action Institute (“CoA Institute”) filed an Amicus Curiae brief on behalf of nine medical doctors who outlined to the court how regulatory overreach by the Federal Trade Commission (“FTC”) has harmed their patients’ welfare. The doctors argue that patients benefit from more competition and more providers of specialized cancer-diagnostic services. When the FTC put LabMD, a small cancer-detection laboratory, out of business for no reason, the FTC harmed the very consumers it was supposed to help.

Many of them former LabMD clients, the Amici doctors offer unique insight into the practical benefits of LabMD’s cancer-detection services.  While in operation, they say that LabMD’s business model was years ahead of its time and its services benefited doctors, healthcare providers, and patients through more accurate tests, reduced costs, and faster turn-around for patients to receive test results.

Congress chose to regulate medical data security by giving the Department of Health and Human Services (“HHS”) comprehensive authority to protect patient health information.  HHS has exercised this authority by creating regulations that set medical data security standards, which it actively enforces. While LabMD was in business, its work required securely storing personal health data and medical records in compliance with these HHS regulations.

In their Amicus brief, the doctors argue that the FTC overstepped its authority to regulate the practice of medicine by imposing new, confusing, and burdensome patient information data security obligations inconsistent with established federal healthcare law through HHS.

The doctors wrote:

Amici doctors are extremely concerned that, given its wholesale lack of healthcare expertise, the FTC’s recent decision to layer conflicting medical data-security requirements on top of those set by federal healthcare law will endanger their patients and have a deleterious effect on the practice of medicine and the patients whose care is entrusted to these providers.”

Ultimately, the doctors conclude that the FTC’s lack of medical expertise will “endanger patient welfare and stifle healthcare innovation.”

“In its disregard for the rule of law and due process, the FTC destroyed a small cancer detection laboratory whose primary mission was to serve its physician-clients and save lives,” said CoA Institute Assistant Vice President Patrick Massari. “The FTC’s ill-conceived foray into medical data security, where it has neither legal authority nor expertise, has endangered patient welfare.”

“The healthcare market does not need another player inserting itself  into the complex field of medicine,” added Amicus Doctor David L. Black, founder of Nashville-based Aegis Sciences Corporation. Aegis performs numerous types of laboratory testing and analysis, including workplace drug testing, prenatal monitoring, behavioral health testing, testing of food supplements to ensure that athletes do not ingest prohibited substances, and toxicology and consulting services to medical examiners, crime laboratories and police departments throughout the country.

Dr. David Black’s extensive work presenting at programs around the nation, authoring dozens of industry publications, and serving as an expert witness for testimony in federal, state, local and international courts of law, has made him a highly-respected industry leader. Dr. Black is acutely familiar with regulators in the healthcare space and has never before heard of the FTC wielding such authority as it has against LabMD in his 30-plus years of experience.

CASE BACKGROUND:

Last year, LabMD appealed a crippling FTC order that found the company’s data security practices were unreasonable. The case is now before the U.S. Court of Appeals in the 11th Circuit.

The agency has already caused irreparable harm to LabMD, forcing the small business to close its doors in 2014. If upheld, the agency’s order would cause continued harm to LabMD, requiring the company to submit to 20 years of monitoring that could cost the company, now virtually defunct, hundreds of thousands of dollars. This brief was filed in support of LabMD’s request to the Court to vacate the FTC’s order.

Amici are as follows:  Dr. David Lee Black, Ph.D., D-ABFT, FAIC, Aegis Sciences Corporation; Dr. Bruce G. Green, MD, FAC, Urology Specialists of Atlanta; Dr. Joan E. Hader, MD, Urology Specialists of Atlanta; Dr. Brian E. Hill, MD, Urology Specialists of Atlanta; Dr. Warren Hitt, MD, Gulf Coast Regional Medical Center; Dr. William L. Nabors, MD, FACS, Urology Specialists of Atlanta; Dr. Robert R. Ross, M.D., F.A.C.S., RTR Urology; Dr. Bradley N. Secrest, MD, Hattiesburg Clinic; and Dr. David C. Stout, MD, Hattiesburg Clinic.

Institutional affiliations of the individual signatories are given for purposes of identification only and do not constitute endorsement by any institution listed with respect to the contents of Cause of Action Institute’s brief.

Read the full Amicus brief here

D.C. Circuit Overturns Lower Court, Rules Clinton Email Case Can Proceed

Washington D.C. – The D.C. Circuit Court of Appeals has overturned a ruling by the District Court in a lawsuit Cause of Action Institute (CoA Institute) filed against Secretary of State John Kerry and U.S. Archivist David Ferriero seeking to enforce their duties under the Federal Records Act as they relate to retrieval of Hillary Clinton’s emails.  CoA Institute Vice President John Vecchione argued the case, which was consolidated with a similar case filed by Judicial Watch. (Audio of oral arguments can be found in its entirety here)

The lower court had dismissed the case as moot because that court believed the State Department had recovered enough of the records and taken enough action short of initiating action through the Attorney General. The D.C. Circuit Court held that because the statute requires the agencies to reach out to the Attorney General to seek record recovery, and because the State Department has not done so, CoA Institute and Judicial Watch have not received everything to which they are entitled.

CoA Institute Vice President John Vecchione: “The D.C. Circuit has reinforced the lesson that the government is bound to follow the law and that measures short of what the law requires to recover government documents cannot be substituted as ‘good enough’.”

Read the opinion here.

 

 

 

 

CoA Institute Investigates Red Tape Limiting Access to Zika Testing

Washington D.C. – Cause of Action Institute (“CoA Institute”) today sent a Freedom of Information Act (“FOIA”) request to the Food and Drug Administration (“FDA”) to examine its role in regulating laboratory developed tests (“LDTs”), including tests for the Zika virus. This investigation comes on the heels of the FDA’s post-election decision to indefinitely postpone guidance documents the FDA had issued in an attempt to regulate LDTs. 

This year, the FDA took steps to enforce its guidance against labs that had developed Zika tests. The FDA’s actions would further limit patients’ access to testing for the Zika virus, which can cause serious birth defects. The FDA and the Centers for Disease Control and Prevention (“CDC”) have already put in place a policy limiting the availability of Zika tests to only pregnant women and individuals who were exposed to Zika and are experiencing symptoms. In other words, unless pregnant, an asymptomatic person who has traveled to a country with known Zika transmission prohibited from being tested for the virus. This policy prevents couples who are trying to conceive from information that would help them make personal healthcare and family planning decisions. 

CoA Institute Vice President John Vecchione: “The FDA needs to explain its actions. After 40 years of allowing laboratories to innovate freely and offer patients a variety of tests that often meet unique healthcare needs, it is troubling that the FDA has chosen to crack down just as the Zika virus started to spread. Couples exposed to Zika who are trying to conceive should not have to face bureaucratic hurdles to obtain testing. Instead, they and their doctor should have access to testing services that meet their unique needs. Such decisions cannot be made at a bureaucracy’s pace.” 

Due to the rapid onset and spread of the Zika virus, there is still no test that has undergone the FDA approval process for in vitro laboratory developed tests (meaning laboratory tests performed in a test tube, culture dish, or elsewhere outside a living organism). Rather, the Zika tests currently available for use were all approved by the FDA pursuant to an “Emergency Use Authorization,” which comes with strict limitations.

Clinical laboratories that perform testing services were historically regulated solely by the Centers for Medicare and Medicaid Services. However, beginning in 2014, the FDA asserted that it, too, has regulatory authority over laboratory developed tests. The FDA has authority to regulate manufactured drugs and “medical devices” pursuant to the Federal Food, Drug, and Cosmetic Act. In 2014, the FDA issued draft guidance documents that assert sweeping authority to treat laboratory developed tests as “medical devices.” Accordingly, the FDA asserted authority to regulate LDTs as “medical devices” under this updated guidance.   

In addition to a CDC-developed test, private laboratory companies have developed Zika tests and obtained approval to administer the tests pursuant to the Emergency Use Authorization. However, even these tests developed by private companies are subject to the CDC’s policy limiting the test to pregnant women or symptomatic individuals who were exposed to Zika.     

CoA Institute is interested in learning more about the FDA’s attempts to regulate these tests and the impacts such regulation may have on the ability of patients and doctors to access testing services.

The full FOIA is available here

 

Is Sec. Perez Campaigning on the Taxpayer’s Dime?

Washington D.C. – Cause of Action Institute (“CoA Institute”) today sent a Freedom of Information Act (“FOIA”) request to the U.S. Department of Labor investigating whether recent outreach by Secretary Tom Perez to voting members of the Democratic National Committee (“DNC”) regarding his political future could be in violation of the Hatch Act. The Hatch Act explicitly prohibits federal employees from using their official authority for the purpose of affecting the results of an election.

Secretary Perez reportedly emailed DNC party chairs Wednesday morning and asked them to join him on a conference call this afternoon. During that call Sec. Perez announced his candidacy for DNC Chairman. Such outreach raises the possibility that Perez may be attempting to advance his political campaign while serving in his current government role.

Following the conference call, CoA Institute requested all communications surrounding this outreach to better understand whether Sec. Perez has used taxpayer resources, such as government issued computers, office space, mobile devices, staff, or email systems to promote his campaign.

CoA Institute Assistant Vice President Henry Kerner: “The law is clear: public officials paid by taxpayers cannot use their position to engage in political activities. The Obama administration’s unprecedented history of Hatch Act violations threatens to undermine this important protection. Americans have a right to know if Sec. Perez used taxpayer-funded resources to further his own political campaign.”

There have been three previous high-profile Hatch Act violations during the Obama administration. Just a few months ago in July of this year, Department of Housing and Urban Development Secretary Julian Castro was found to have violated the Hatch Act when he openly endorsed Hillary Clinton’s candidacy for president during a Yahoo News interview. Before that, in 2012, Secretary of Health and Human Services Kathleen Sebelius was also found to have violated the Hatch Act when she delivered the keynote speech at a gala calling on attendees to reelect President Obama. And prior to that, Secretary Perez’s predecessor at the Labor Department, Hilda Solis, resigned after word came out that she had solicited campaign contributions from a subordinate employee.

These were historic violations, as no Cabinet secretary in any prior administration had been found in violation of the Hatch Act since its enactment under Franklin Delano Roosevelt. Yet, neither Ms. Sebelius nor Mr. Castro suffered any consequences for these violations.

The full FOIA can be found here

 

CoA Institute Sues CFPB for Refusing to Release Records Underpinning Anti-Arbitration Rule

Washington D.C. – Cause of Action Institute (“CoA Institute”) today filed a lawsuit in the U.S. District Court for the District of Columbia to compel the Consumer Financial Protection Bureau (“CFPB”) to provide records the agency used in formulating its rule to prohibit the use of mandatory binding arbitration clauses in financial services contracts.

Cause of Action Institute Vice President John Vecchione: “To issue a regulation affecting such a vast swath of the economy, and then attempt to conceal the bulk of the documents reflecting how that decision was made from public view, violates the law and the American people’s right to know.”

Prohibiting the use of third-party arbitration in financial contracts would subject numerous financial institutions to a flood of class action lawsuits, further burdening the courts and ultimately injuring consumers by increasing the costs associated with bank loans and other financial services. The CFPB’s proposed rule was largely based on a study commissioned by the agency in 2015. 

In April 2016, CoA Institute filed a Freedom of Information Act (“FOIA”) request for records that would show how the agency conducted its study. Although CFPB produced some documents, the agency withheld a large number of responsive records and information. 

In September, 2016, CFPB issued a final determination, indicating the agency would withhold 1,877 pages of responsive records. CoA Institute appealed the CFPB’s determination and challenged each FOIA exemption the agency applied to the production. Last month, CFPB denied the appeal.

In its lawsuit, CoA Institute argues that CFPB is required to produce all responsive records not covered by a valid exemption.  The burden is on the agency to justify the use of any exemption to withhold or redact information, which CFPB has failed to do. The lawsuit compels the agency to produce all records improperly withheld within twenty business days of the court’s order.

The full lawsuit can be found here

 

CoA Institute Challenges SEC’s Unlawful Expansion of Criminal Liability

Washington D.C. – Cause of Action Institute (CoA Institute) has filed an Amicus Curiae Brief in the First Circuit Court of Appeals challenging the District Court’s decision to defer to the U.S. Securities and Exchange Commission’s (SEC’s) interpretation of a law in a criminal case where that interpretation actually contradicts the text of the statute.

In May 2016, Richard Weed, a California-based attorney, was convicted on charges of conspiracy to commit securities fraud, which included a “pump-and-dump” scheme involving penny stocks. The government alleged that Mr. Weed performed legal work for two co-conspirators that enabled them to evade SEC stock registration requirements. Mr. Weed was sentenced to forty-eight months in prison.

The government’s case was premised on the fact that the co-conspirators were required to register the stock with the SEC. However, the stock at issue did not require registration under the Securities Act. The government conceded this point, but nevertheless argued that registration was required in accordance with the SEC’s interpretation of the law.

In its Amicus Brief, following a long line of judicial precedent, CoA Institute argued that Section 3(a)(9) of the Securities Act is unambiguous and should be construed as such, something the District Court of Massachusetts failed to do. More broadly, the Brief contends that federal agencies should not be able to administratively rewrite federal statutes to create new crimes that Congress never intended and then demand that the courts “defer” to the agency’s views on what the law prohibits or requires. Such a constitutionally dangerous practice violates the separation of powers and threatens individual liberty. The Amicus Brief argues that criminal statutes should be narrowly interpreted to protect citizens from arbitrary, overreaching prosecutions.

CoA Institute Counsel Patrick Massari: “The Constitution provides for the courts to have exclusive authority to interpret criminal laws passed by Congress. The SEC overstepped its authority by interpreting the law in a way that is directly contrary to the plain text of Section 3(a)(9). The unchecked power of the SEC and the administrative state harms individual liberty and threatens free market principles. CoA Institute is uniquely situated to assist the Court in reaching its decision because this case deals with the intersection of overcriminalization and administrative law.”

The full Amicus Brief can be found here.